???????????????AppScan????????????????
?????ToughLife ???????[ 2016/5/13 13:58:20 ] ?????????????????? ??????????
????1. SQL??????д?????????????
???????????????????????????????????????????????????????????????????????????????????Σ????????????????????????????ó?????м????????????磺??????? SQL ????????????????е?Javascript???????и??????????????
?????????????????????????
????[1] |??????????
????[2] &??&?????
????[3];??????
????[4] $??????????
????[5] %??????????
????[6] @??at ?????
????[7] '?????????
????[8] "???????
????[9] '????б????嵥?????
????[10] "????б??????????
????[11] <>?????????
????[12] ()???????
????[13] +??????
????[14] CR?????????ASCII 0x0d??
????[15] LF?????У?ASCII 0x0a??
????[16] ?????????
????[17] ????б???
???????Rational AppScan Standard????????????????????????????????????????????????ο?http://www-01.ibm.com/support/docview.wss?uid=swg21472385
????2.??δ????
????????????????????????′???
????//??????????????δ????
????request.getSession().invalidate();//???session
????Cookie[] cookies = request.getCookies();//???cookie
????if(null != cookies &&cookies.length> 0){
????for(Cookie cookie : cookies){
????cookie.setMaxAge(0);//??cookie????
????}
????}
????3. ?????????α??
???????????????????????????????????????????ж?????
????//?????????????????????α??
????String referer = req.getHeader("Referer"); //REFRESH
????String serverName = request.getServerName();
????if(null != referer&&referer.indexOf(serverName) < 0){
????req.getRequestDispatcher(req.getRequestURI()).forward(req?? response);
????}
????4.????????????
?????????????????????????????????????????????????????ж??????????????????????????????????????????????????????????Σ????????????? ???????????????ó?????м????????????磺??????? SQL ????????????????е?Javascript???????и??????????????????????ο????1.SQL??????д?? ??3.?????????α?? ??????????
????5.????????????
???????????
????1).????????????????????????MD5????????????????????
????2). ???????SSL?????????飻??????????????????????????????
????3). ?????HTTP?????????SSL?????????????Apache-Tomcat??÷???????conf??????μ?server.xml???????′???
????<!--????SSL??Https??????????????????????8443 ->
????<Connectorport="8443"minSpareThreads="5"maxSpareThreads="75"
????enableLookups="true"disableUploadTimeout="true"
????acceptCount="100"maxThreads="200"
????scheme="https" secure="true"SSLEnabled="true"
????ciphers="SSL_RSA_WITH_RC4_128_SHA?? TLS_RSA_WITH_AES_128_CBC_SHA??
????TLS_DHE_RSA_WITH_AES_128_CBC_SHA?? TLS_DHE_DSS_WITH_AES_128_CBC_SHA??
????SSL_RSA_WITH_3DES_EDE_CBC_SHA?? SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA??
????SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
????keystoreFile="keystore/server.keystore"keystorePass="123456"
????clientAuth="false"sslProtocol="TLS"/>
?????????keystore/server.keystore????洢·????123456??????????
????4). ????WEB.XML????м??????′???
????<!--????????????????????????????SSL????????? -->
????<security-constraint>
????<web-resource-collection>
????<web-resource-name>SSL</web-resource-name>
????<url-pattern>/*</url-pattern>
????</web-resource-collection>
????<user-data-constraint>
????<transport-guarantee>CONFIDENTIAL</transport-guarantee>
????</user-data-constraint>
????</security-constraint>
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11